PHP - Changing Session Behavior


You can alter PHP's default session-handling behavior in a number of ways.

The php.ini file contains several configuration directives that you can alter:


How long the session cookie should last for (in seconds).
The default is zero, which expires the cookie when the browser is quit.

The path field for the session cookie.
Defaults to " /" (the entire site).

The domain field for the session cookie. Defaults to " " (the current server).
Change this if you want the session to be available to more than one host in the same domain.

The HttpOnly field for the session cookie.
Defaults to false.
Change this to true if you want to prevent JavaScript from accessing the session cookie.

Defaults to false.
Change it to true, and PHP automatically starts a session the moment your script starts executing

You can either alter these directives directly in your php.ini file, if you have access to it.

Or you can set them on a per-script basis using the ini_set() PHP function:

ini_set(" session.cookie_lifetime" , 1200);  // Set session timeout to 20 minutes

Related Topic